Cyber Threats
What is the most common method used by cyber attackers to gain access to hospital networks?
Phishing
What is the practice of regularly updating software to protect against vulnerabilities?
Patch Management
What type of data is most commonly targeted in hospital cyber attacks?
Patient Records
The first step in responding to a cybersecurity incident.
Identification
This policy outlines the acceptable use of hospital IT resources.
Acceptable Use Policy
This type of malware encrypts a victim's files and demands payment for the decryption key.
Ransomware
This security measure requires users to provide two forms of identification before accessing an account.
Multi-Factor Authentication (MFA)
This act requires healthcare organizations to protect patient information and ensure data privacy.
HIPAA (Health Insurance Portability and Accountability Act)
The process of containing the impact of a cyber attack.
Containment
A policy that defines how to handle and protect sensitive patient information.
Data Privacy Policy
A cyber attack that overwhelms a network with traffic, causing it to become unavailable.
DDoS Attack (Distributed Denial of Service)
The process of converting data into a code to prevent unauthorized access.
Encryption
A cybersecurity framework specifically designed for healthcare organizations.
HITRUST (Health Information Trust Alliance)
The step where the root cause of the incident is determined and eliminated.
Eradication
This policy requires employees to report any suspicious activity or potential security breaches.
Incident Reporting Policy
This type of attack involves tricking individuals into revealing sensitive information by pretending to be a trustworthy entity.
Social Engineering
A network security system that monitors and controls incoming and outgoing network traffic.
Firewall
The practice of regularly backing up data to ensure it can be restored in case of a cyber attack.
Data Backup
The process of restoring systems to normal operation after a cyber attack.
Recovery
A policy that mandates regular training for staff on cybersecurity best practices.
Security Awareness Training Policy
A type of malware that disguises itself as legitimate software but performs malicious activities.
Trojan Horse
The principle of giving users the minimum level of access necessary to perform their job functions.
Least Privilege
A simulated cyber attack used to test the security of a hospital's systems.
Penetration Testing
The final step in the incident response process, involving a review of the incident and lessons learned.
Lessons Learned
This policy outlines the procedures for responding to a cybersecurity incident.
Incident Response Policy